diff --git a/provisioner/chef-client/provisioner.go b/provisioner/chef-client/provisioner.go
index c7bd865dd..7feab150c 100644
--- a/provisioner/chef-client/provisioner.go
+++ b/provisioner/chef-client/provisioner.go
@@ -63,6 +63,7 @@ type Config struct {
 SkipCleanNode bool `mapstructure:"skip_clean_node"`
 SkipInstall bool `mapstructure:"skip_install"`
 SslVerifyMode string `mapstructure:"ssl_verify_mode"`
+ TrustedCertsDir string `mapstructure:"trusted_certs_dir"`
 StagingDir string `mapstructure:"staging_directory"`
 ValidationClientName string `mapstructure:"validation_client_name"`
 ValidationKeyPath string `mapstructure:"validation_key_path"`
@@ -83,6 +84,7 @@ type ConfigTemplate struct {
 NodeName string
 ServerUrl string
 SslVerifyMode string
+ TrustedCertsDir string
 ValidationClientName string
 ValidationKeyPath string
 }
@@ -268,7 +270,8 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
 remoteValidationKeyPath,
 p.config.ValidationClientName,
 p.config.ChefEnvironment,
- p.config.SslVerifyMode)
+ p.config.SslVerifyMode,
+ p.config.TrustedCertsDir)
 if err != nil {
 return fmt.Errorf("Error creating Chef config file: %s", err)
 }
@@ -283,7 +286,7 @@ func (p *Provisioner) Provision(ui packer.Ui, comm packer.Communicator) error {
 if !(p.config.SkipCleanNode && p.config.SkipCleanClient) {
 knifeConfigPath, knifeErr := p.createKnifeConfig(
- ui, comm, nodeName, serverUrl, p.config.ClientKey, p.config.SslVerifyMode)
+ ui, comm, nodeName, serverUrl, p.config.ClientKey, p.config.SslVerifyMode, p.config.TrustedCertsDir)
 if knifeErr != nil {
 return fmt.Errorf("Error creating knife config on node: %s", knifeErr)
@@ -341,7 +344,8 @@ func (p *Provisioner) createConfig(
 remoteKeyPath string,
 validationClientName string,
 chefEnvironment string,
- sslVerifyMode string) (string, error) {
+ sslVerifyMode string,
+ trustedCertsDir string) (string, error) {
 ui.Message("Creating configuration file 'client.rb'")
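Review bot: The new `TrustedCertsDir` field in `Config` is passed through to the templates as a bare `"{{.TrustedCertsDir}}"` Ruby string literal, and no validation of it is visible in this diff, so a value containing a double quote, a newline or `#{` would break out of the string in the generated client.rb and knife.rb. If Prepare does not already reject such values, a check next to the existing validations, `if strings.ContainsAny(p.config.TrustedCertsDir, "\"\n") {` appending an error to the provisioner's error list, would keep the generated Ruby well-formed. The field also deserves a comment on what it trusts, e.g. `// TrustedCertsDir is a guest-side directory whose certificates chef-client adds to its CA bundle; it should not be writable by untrusted accounts on the guest, since any certificate dropped there is trusted for Chef Server traffic.` Whether Prepare validates this field cannot be confirmed from the hunks shown.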
@@ -371,6 +375,7 @@ func (p *Provisioner) createConfig(
 ValidationClientName: validationClientName,
 ChefEnvironment: chefEnvironment,
 SslVerifyMode: sslVerifyMode,
+ TrustedCertsDir: trustedCertsDir,
 EncryptedDataBagSecretPath: encryptedDataBagSecretPath,
 }
 configString, err := interpolate.Render(tpl, &ctx)
@@ -386,7 +391,7 @@ func (p *Provisioner) createConfig(
 return remotePath, nil
 }
-func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, clientKey string, sslVerifyMode string) (string, error) {
+func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator, nodeName string, serverUrl string, clientKey string, sslVerifyMode string, trustedCertsDir string) (string, error) {
 ui.Message("Creating configuration file 'knife.rb'")
 // Read the template
@@ -394,10 +399,11 @@ func (p *Provisioner) createKnifeConfig(ui packer.Ui, comm packer.Communicator,
 ctx := p.config.ctx
 ctx.Data = &ConfigTemplate{
- NodeName: nodeName,
- ServerUrl: serverUrl,
- ClientKey: clientKey,
- SslVerifyMode: sslVerifyMode,
+ NodeName: nodeName,
+ ServerUrl: serverUrl,
+ ClientKey: clientKey,
+ SslVerifyMode: sslVerifyMode,
+ TrustedCertsDir: trustedCertsDir,
 }
 configString, err := interpolate.Render(tpl, &ctx)
 if err != nil {
@@ -685,6 +691,9 @@ environment "{{.ChefEnvironment}}"
 {{if ne .SslVerifyMode ""}}
 ssl_verify_mode :{{.SslVerifyMode}}
 {{end}}
+{{if ne .TrustedCertsDir ""}}
+trusted_certs_dir "{{.TrustedCertsDir}}"
+{{end}}
 `
 var DefaultKnifeTemplate = `
@@ -696,4 +705,7 @@ node_name "{{.NodeName}}"
 {{if ne .SslVerifyMode ""}}
 ssl_verify_mode :{{.SslVerifyMode}}
 {{end}}
+{{if ne .TrustedCertsDir ""}}
+trusted_certs_dir "{{.TrustedCertsDir}}"
+{{end}}
 `
diff --git a/website/source/docs/provisioners/chef-client.html.md b/website/source/docs/provisioners/chef-client.html.md
index 05898263e..566742490 100644
--- a/website/source/docs/provisioners/chef-client.html.md
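Review bot: `createKnifeConfig` now takes eight positional parameters, six of them plain `string`, so appending `trustedCertsDir` at the end makes the call in `Provision` (hunk @@ -283) easy to miswire: two adjacent string arguments can be swapped without any compile error. `ConfigTemplate` already carries exactly these fields, so accepting a `*ConfigTemplate` (or a small options struct) instead of the growing list would make the call sites self-describing; the same applies to `createConfig` in hunk @@ -341. The body of `createKnifeConfig` continues outside this hunk.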
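Review bot: The client template here emits `trusted_certs_dir "{{.TrustedCertsDir}}"` as a Ruby string, but the documentation hunk in chef-client.html.md (@@ -158) shows the same setting as `trusted_certs_dir :{{.TrustedCertsDir}}`, which renders a path as a Ruby symbol and gives an invalid client.rb to anyone who copies the documented template. The docs should match this hunk and the knife template in @@ -696: `trusted_certs_dir "{{.TrustedCertsDir}}"`. It is also worth a one-line comment above the new block that the value is interpolated unescaped, as `SslVerifyMode` already is, so it must be a plain guest path, and that the extra trust only has an effect when `ssl_verify_mode` is left at peer verification — with `verify_none` the directory changes nothing about what chef-client accepts.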
+++ b/website/source/docs/provisioners/chef-client.html.md
@@ -105,6 +105,11 @@ configuration is actually required.
 SSL certificates. If not set, this defaults to "verify\_peer" which
 validates all SSL certifications.
+- `trusted_certs_dir` (string) - This is a directory that contains additional
+ SSL certificates to trust. Any certificates in this directory will be added to
+ whatever CA bundle ruby is using. Use this to add self-signed certs for your
+ Chef Server or local HTTP file servers.
+
 - `staging_directory` (string) - This is the directory where all the
 configuration of Chef by Packer will be placed. By default this is
 "/tmp/packer-chef-client" when guest\_os\_type unix and
@@ -158,6 +163,9 @@ environment "{{.ChefEnvironment}}"
 {{if ne .SslVerifyMode ""}}
 ssl_verify_mode :{{.SslVerifyMode}}
 {{end}}
+{{if ne .TrustedCertsDir ""}}
+trusted_certs_dir :{{.TrustedCertsDir}}
+{{end}}
 ```
 This template is a [configuration
@@ -170,6 +178,7 @@ variables available to use:
 - `NodeName` - The node name set in the configuration.
 - `ServerUrl` - The URL of the Chef Server set in the configuration.
 - `SslVerifyMode` - Whether Chef SSL verify mode is on or off.
+- `TrustedCertsDir` - Path to dir with trusted certificates.
 - `ValidationClientName` - The name of the client used for validation.
 - `ValidationKeyPath` - Path to the validation key, if it is set.